CVE-2025-53091

WeGIA has Unauthenticated Time-Based Blind SQL Injection in almox Parameter

Description

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Time-Based Blind SQL Injection vulnerability was discovered in version 3.3.3 the almox parameter of the `/controle/getProdutosPorAlmox.php` endpoint. This issue allows any unauthenticated attacker to inject arbitrary SQL queries, potentially leading to unauthorized data access or further exploitation depending on database configuration. Version 3.4.0 fixes the issue.

INFO

Published Date :

2025-06-27T15:08:34.306Z

Last Modified :

2025-06-27T15:46:13.293Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2025-53091 vulnerability.

Vendors	Products
Wegia	Wegia

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-53091.

URL	Resource
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-pmf9-2rc3-vvxx

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact